If You Believe Your Internet Content and Webmail are Private, Read This...

The legal status of personal data stored in the cloud or transmitted over the Internet is far from clear. Terms of Service and Privacy Policies may leave you more vulnerable than you expect -- unless you're one of the decidedly small minority of users who actually read those documents. In short, if you want to protect personal information, don't send it by email or store it online.

Do you really believe your Web-based email is private? Let's start with Terms of Service (ToS) or Privacy Policies, which few people actually read -- maybe even less so for webmail accounts.

As a reminder, take a look at
previous columns I have written here on ToS provisions and Privacy Policies. I won't belabor those issues again.

1986 Stored Communications Act Controls Internet Content

In 1986, the Stored Communications Act (SCA) was initially designed to protect telephone records, not
Internet activity. There was not much Web activity then, since there were no browsers. So when Internet Service Providers were confronted with Internet record requests, they relied on the SCA to address whether to withhold producing personal content without the written permission of the owner when served a subpoena in a civil action.

Until Congress creates new laws dealing with Internet data to replace the SCA, ISPs will continue to look to the SCA for guidance. Under the SCA there are two types of records: 1) "electronic communication service" (ECS), controlled internally within a business, such as on company owned computers and servers; and 2) "remote computing service" (RCS) -- such as Gmail, Facebook and telephone records at AT&T.

In a civil litigation, one party may subpoena content of litigants' emails and postings from ISPs, since
those are kept in "electronic storage." Electronic storage is defined in the SCA as follows:

A) any temporary, intermediate storage of a wire or electronic communication incidental to the
electronic transmission thereof; and

B) any storage of such communication by an electronic communication service for the purposes
of backup protection of such communication.

This may seem simple on the surface, but of course courts do not always agree on what things mean.

SC Supreme Court Rules on SCA

The SCA applies to electronic storage for "the purposes of backup protection of
such communication." However, the South Carolina Supreme Court recently ruled in the divorce case
of Jennings v. Jennings, where the availability of emails was a critical issue shedding light on the alleged infidelity of the husband. The issue for the court was whether the SCA could be relied on to limit access under a subpoena after emails were read.

Following is how the majority of the Court ruled:

"After opening them, Jennings left the single copies of his e-mails on the Yahoo! server and
apparently did not download them or save another copy of them in any other location. We
decline to hold that retaining an opened e-mail constitutes storing it for backup protection
under the Act.

"The ordinary meaning of the word
'backup' is 'one that serves as a substitute or support.'

"Thus, Congress's use of 'backup' necessarily presupposes the existence of another copy to
which this e-mail would serve as a substitute or support. We see no reason to deviate from
the plain, everyday meaning of the word 'backup,' and conclude that as the single copy of the
communication, Jennings' e-mails could not have been stored for backup protection."

Chief Justice Toal disagreed with the majority ruling, noting "...that Congress never contemplated this
new form of technology." She rejected the majority's reading of "backup" and instead concluded that
the emails are not backups because they were not made by the ISP for its own purposes.

Of course, the South Carolina Supreme Court ruling only applies in that state. It remains to be seen
whether other states will adopt the same definition of "backup" or agree with Chief Justice Toal's
minority opinion.

Twitter Challenge of Subpoena

On a related note about Internet content, Twitter currently is challenging a New York Criminal Court's
order to produce information through a subpoena without first obtaining a warrant. Twitter is
asserting that such production would be a violation of the defendant's rights under the First and Fourth
Amendments of the Constitution. In the case of People v. Harris, Malcolm Harris is being prosecuted for disorderly conduct in connection with the Occupy Wall Street protest in October 2011.

The American Civil Liberties Union and the Electronic Freedom Foundation filed an Amicus brief in
support of Twitter appealing April 20 and June 30, 2012, rulings requiring Twitter to produce specific
information from Harris' account "@destructuremal":

"...his personal email address and also the content of all tweets, the date, time and the IP address
that corresponds to each time he used Twitter over a three-and-a-half month period, and the
duration of teach of Harris' Twitter sessions."

Protection for social media usage under the Constitution remains an interesting challenge, and how this
case plays out may have a significant impact on social media privacy for years to come.

Some Conclusions

Ultimately, in addition to limitations posed by ToS and Privacy Policies, privacy of your Internet content and webmail may be subject to further limitations by the SCA and court decisions.

The advice given to many still holds: If you don't want others to know your private content or emails, don't put that content on the Internet or in emails.

E-Commerce Times columnist Peter S. Vogel is a trial partner at
Gardere Wynne Sewell, where he is chair of the eDiscovery Team and Chair of the Technology Industry Team. Before practicing law, he was a systems programmer on mainframes, received a masters in computer science, and taught graduate courses in information systems and operations research. His blog covers
contemporary technology topics.